Message ID | 1558272652-23969-1-git-send-email-oliver.fuhrer@bluewin.ch |
---|---|
State | Accepted |
Commit | bf2a1c524bb11f41b38708f3a7e5d0c19d54d5cf |
Headers | From: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> To: oliver.fuhrer@bluewin.ch Cc: development@lists.ipfire.org Subject: [PATCH v2] BUG 11696: VPN Subnets missing from wpad.dat Date: Sun, 19 May 2019 15:30:52 +0200 |
Series | [v2] BUG 11696: VPN Subnets missing from wpad.dat |
Commit Message
Oliver Fuhrer
May 19, 2019, 11:30 p.m. UTC
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
---
Hi List,
New version of the patch, this one has been created against next branch and successfully tested on a fresh build.

Regards
Oliver

 html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
Comments
Hi,

Thank you for rebasing this patch. It applies and is merged!

-Michael

Hi Michael,
You're welcome.
I have been poking around in vpnmain.cgi and ovpnmain.cgi to automatically update the wpad.dat file upon tunnel add/delete/enable/disable.
Should I send this one as feature?

Regards
Oliver

Yes please.

It would be great to have this all coming in one patchset in the future. That keeps noise on the list down and allows us to review the whole thing in one go.

Are you planning to move this into a function that you will call from the various CGI files?

-Michael

Hi Michael

> Yes please.
>
> It would be great to have this all coming in one patchset in the future. That
> keeps noise on the list down and allows us to review the whole thing in one
> go.
>
OK, I'll then combine this enhancement patch with a fix for Bug #11047 and some code improvement for #11614, however it might take a couple of days until this is ready to be sent.

> Are you planning to move this into a function that you will call from the
> various CGI files?
>
I had a look at the code and I think I hopefully got it right by moving my code to general-functions.pl

Oliver

Do you have a dev account yet? Do you want one to have your Git repos on git.ipfire.org?

-Michael

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2910,6 +2914,27 @@ END } } + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/\|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; + } + } + } + print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
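Review bot: The two `&General::readhasharray(...)` calls added at the top of `writepacfile` (first hunk) run unconditionally, and nothing checks that `${General::swroot}/vpn/config` or `${General::swroot}/ovpn/ovpnconfig` exists or was read, so it is unclear from the patch what happens on a system where IPsec or OpenVPN has never been configured. Guard each read with a `-e` test, or state in a comment that a missing file simply leaves the hash empty. A short comment saying that these hashes feed the proxy-bypass list written further down would also help, since the function now depends on the layout of the VPN config files.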
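Review bot: In the second hunk, `$vpnip` and `$vpnsub` are split out of field 11 of each config entry and printed straight into the `isInNet(host, \"$vpnip\", \"$vpnsub\")` string literals with no validation, so an entry without a `/` or with an unexpected character produces a malformed proxy.pac, and a syntax error there breaks `FindProxyForURL` for every client that fetches the file. Check both values against an IPv4 address and netmask pattern and skip entries that fail before printing; because every match sends traffic around the proxy, a wrong or empty mask should not be emitted silently. The OpenVPN loop also omits the `&Network::convert_prefix2netmask($vpnsub) || $vpnsub` step that the IPsec loop has; since `isInNet` takes a dotted netmask, either apply the same conversion there or add a comment stating that ovpnconfig always stores dotted masks. The two loops are otherwise identical and could share one helper, which would also be the place to name the field indexes 0, 3 and 11.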